Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
134s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20/08/2024, 04:15 UTC
Static task
static1
Behavioral task
behavioral1
Sample
add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe
-
Size
139KB
-
MD5
add333043550c59cf6c79b3c369b9ab4
-
SHA1
c2a9dfd9dda301a4a18042a5e4b114da0df71f9a
-
SHA256
69fc114f6fa4855a4a059f5d137b76c7e589cf2231aeb0fdbdc7e6b187390e91
-
SHA512
c8e82240ca250a4d3065fcf2e17e03f5657ac58ba040498b6cb42f080e1cecd394bd13e05286913e4ccb3e23b70d934f01d3a8addf84f34815cb4d96f5f983b8
-
SSDEEP
3072:zH+Mcv5JXXieDEvy1W7rkD+bnAIhRjaNO:zHl0ndEqgkCAaRGs
Malware Config
Signatures
-
Server Software Component: Terminal Services DLL 1 TTPs 14 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WmdmPmSp\Parameters\ServiceDll = "C:\\Windows\\system32\\WmdmPmSp.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\helpsvc\Parameters\ServiceDll = "C:\\Windows\\system32\\helpsvc.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PCAudit\Parameters\ServiceDll = "C:\\Windows\\system32\\PCAudit.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uploadmgr\Parameters\ServiceDll = "C:\\Windows\\system32\\uploadmgr.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LogonHours\Parameters\ServiceDll = "C:\\Windows\\system32\\LogonHours.dll" add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe -
Loads dropped DLL 54 IoCs
pid Process 4696 svchost.exe 4696 svchost.exe 4696 svchost.exe 4736 svchost.exe 4736 svchost.exe 4736 svchost.exe 4736 svchost.exe 4736 svchost.exe 4736 svchost.exe 4716 svchost.exe 4716 svchost.exe 4716 svchost.exe 1648 svchost.exe 1648 svchost.exe 1648 svchost.exe 1648 svchost.exe 1648 svchost.exe 1648 svchost.exe 4592 svchost.exe 4592 svchost.exe 4592 svchost.exe 3252 svchost.exe 3252 svchost.exe 3252 svchost.exe 4416 svchost.exe 4416 svchost.exe 4416 svchost.exe 4844 svchost.exe 4844 svchost.exe 4844 svchost.exe 3888 svchost.exe 3888 svchost.exe 3888 svchost.exe 3888 svchost.exe 3888 svchost.exe 3888 svchost.exe 4928 svchost.exe 4928 svchost.exe 4928 svchost.exe 4928 svchost.exe 4928 svchost.exe 4928 svchost.exe 828 svchost.exe 828 svchost.exe 828 svchost.exe 828 svchost.exe 828 svchost.exe 828 svchost.exe 2940 svchost.exe 2940 svchost.exe 2940 svchost.exe 2940 svchost.exe 2940 svchost.exe 2940 svchost.exe -
Drops file in System32 directory 14 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\uploadmgr.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\WmdmPmSp.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Ntmssvc.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Nwsapagent.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Nla.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\SRService.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\PCAudit.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Irmon.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Wmi.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\LogonHours.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\helpsvc.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\Ias.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\NWCWorkstation.dll add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4392 add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe 4392 add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\add333043550c59cf6c79b3c369b9ab4_JaffaCakes118.exe"1⤵
- Server Software Component: Terminal Services DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4392
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4696
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s Irmon1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4736
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nla1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4716
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s Ntmssvc1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1648
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s NWCWorkstation1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4592
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s Nwsapagent1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3252
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s SRService1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4416
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s WmdmPmSp1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4844
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s LogonHours1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3888
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s PCAudit1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4928
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s helpsvc1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:828
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k netsvcs -s uploadmgr1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2940
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request73.144.22.2.in-addr.arpaIN PTRResponse73.144.22.2.in-addr.arpaIN PTRa2-22-144-73deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.126.166.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 622808
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BC402B557C7545FAB604177F11BAAFA4 Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:53Z
date: Tue, 20 Aug 2024 04:16:53 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 625518
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10B9337C3EB041478978C76324C744A2 Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:53Z
date: Tue, 20 Aug 2024 04:16:53 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 594481
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C3843643FD0346B698F69E8C8944058A Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:53Z
date: Tue, 20 Aug 2024 04:16:53 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 663065
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 56CBC507C6F44133BDB5671592C18B19 Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:53Z
date: Tue, 20 Aug 2024 04:16:53 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 414304
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 60FD0ADBEC5547DEAA7AA474B215A4CE Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:53Z
date: Tue, 20 Aug 2024 04:16:53 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.28.10:443RequestGET /th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 606526
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B159CEDB07CC404C8BC63872D6190C3C Ref B: LON04EDGE0611 Ref C: 2024-08-20T04:16:54Z
date: Tue, 20 Aug 2024 04:16:54 GMT
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
150.171.28.10:443https://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http2125.9kB 3.7MB 2649 2645
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301078_1O81E4QM35DM2EN4A&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239317301511_14RJSOYL5IFIBQQUL&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239356671167_19HPP7IIREEX4KA57&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239356671168_16FGHU1WN2XYJHSC0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.8kB 15 12
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
73.144.22.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
56.126.166.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.28.10150.171.27.10
-
72 B 158 B 1 1
DNS Request
10.28.171.150.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
139KB
MD5cc6e0ab6eb79750330ebfdb8d3b76328
SHA14f0eec3ca40b479cc4155a0cb643c5d71383117c
SHA256c07b7e5826817379794168cd0e48613cbd4c0483dc69a90ee8d3ff897ba0e746
SHA512a78b74628b671df8f8e2a1b4ececaab5df89bef378d1088d0dca17eb32e5e166d3f68c50acd6b7b380deeb90b27c06ac709b54e9bf6c38a943b332083d7c8f15